Loading common/contrib/colorbox/SA-CONTRIB-2022-007.patch 0 → 100644 +134 −0 Original line number Diff line number Diff line diff --git a/colorbox.module b/colorbox.module index ec9c198..409b84c 100644 --- a/colorbox.module +++ b/colorbox.module @@ -179,10 +179,10 @@ function _colorbox_doheader() { 'slideshowSpeed' => variable_get('colorbox_slideshowspeed', 2500), 'slideshowStart' => variable_get('colorbox_text_start', 'start slideshow'), 'slideshowStop' => variable_get('colorbox_text_stop', 'stop slideshow'), - 'current' => variable_get('colorbox_text_current', '{current} of {total}'), - 'previous' => variable_get('colorbox_text_previous', '« Prev'), - 'next' => variable_get('colorbox_text_next', 'Next »'), - 'close' => variable_get('colorbox_text_close', 'Close'), + 'current' => check_plain(variable_get('colorbox_text_current', '{current} of {total}')), + 'previous' => check_plain(variable_get('colorbox_text_previous', '« Prev')), + 'next' => check_plain(variable_get('colorbox_text_next', 'Next »')), + 'close' => check_plain(variable_get('colorbox_text_close', 'Close')), 'overlayClose' => variable_get('colorbox_overlayclose', 1) ? TRUE : FALSE, 'maxWidth' => variable_get('colorbox_maxwidth', '100%'), 'maxHeight' => variable_get('colorbox_maxheight', '100%'), @@ -208,6 +208,9 @@ function _colorbox_doheader() { ); } + $js_settings['photo'] = TRUE; + $js_settings['file_directory_path'] = '/' . trim(file_directory_path(), '/') . '/'; + $path = drupal_get_path('module', 'colorbox'); $style = variable_get('colorbox_style', 'default'); diff --git a/js/colorbox.js b/js/colorbox.js index b81a547..9af8a1c 100644 --- a/js/colorbox.js +++ b/js/colorbox.js 
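Review bot: `slideshowStart` and `slideshowStop`, the two context lines directly above the changed ones, are the same kind of admin-configurable label but are still passed to the JS settings unescaped, while `current`, `previous`, `next` and `close` now go through `check_plain()`. If Colorbox writes the slideshow button text into the page as HTML like the other labels (not visible here, worth confirming), they need the same treatment: `'slideshowStart' => check_plain(variable_get('colorbox_text_start', 'start slideshow')),` and likewise for `colorbox_text_stop`. `_colorbox_doheader()` starts and ends outside the hunk, so other string settings further down may deserve the same look.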
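Review bot: The two `$js_settings` assignments in the second hunk have no comment, and neither explains itself: `photo` is forced to `TRUE` for every call that uses `Drupal.settings.colorbox`, and `file_directory_path` appears to exist only so the JS filters can reject links into the files directory. A comment such as `// Security: treat .colorbox links as images only, and expose the files path so the JS behaviors can refuse to load uploaded files as HTML.` would keep a later cleanup from removing them; that reasoning is inferred from the rest of the patch, so correct it if it is wrong. Also consider an empty `file_directory_path()`: the setting then becomes `'//'`, which occurs in every absolute URL, so the `indexOf()` checks in the JS files would reject every link.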
@@ -7,6 +7,11 @@ Drupal.behaviors.initColorbox = function (context) { $('a, area, input', context) .filter('.colorbox:not(.initColorbox-processed)') .addClass('initColorbox-processed') + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }) .colorbox(Drupal.settings.colorbox); }; diff --git a/js/colorbox_inline.js b/js/colorbox_inline.js index 44db3d1..45e3c80 100644 --- a/js/colorbox_inline.js +++ b/js/colorbox_inline.js @@ -15,7 +15,16 @@ Drupal.behaviors.initColorboxInline = function (context) { if (!results) { return ''; } return results[1] || ''; }; - $('a, area, input', context).filter('.colorbox-inline:not(.initColorboxInline-processed)').addClass('initColorboxInline-processed').colorbox({ + $('a, area, input', context).filter('.colorbox-inline:not(.initColorboxInline-processed)').addClass('initColorboxInline-processed') + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .colorbox({ transition:settings.transition, speed:settings.speed, opacity:settings.opacity, @@ -38,7 +47,7 @@ Drupal.behaviors.initColorboxInline = function (context) { return $.urlParam('height', $(this).attr('href')); }, title:function(){ - return $.urlParam('title', $(this).attr('href')); + return Drupal.checkPlain($.urlParam('title', $(this).attr('href'))); }, iframe:function(){ return $.urlParam('iframe', $(this).attr('href')); diff --git a/js/colorbox_load.js b/js/colorbox_load.js index 0bb277e..68869f8 100644 --- a/js/colorbox_load.js +++ b/js/colorbox_load.js 
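Review bot: The `.each()` callback in the colorbox.js hunk overwrites the element's `title` attribute with its escaped form, so a title such as `Tom & Jerry` (constructed example) is now shown in the browser tooltip and exposed to assistive technology as `Tom &amp; Jerry`. Escaping at the point of use avoids changing the DOM: colorbox_inline.js already passes a `title` callback, and the same could be done here with `.colorbox($.extend({}, Drupal.settings.colorbox, { title: function () { return Drupal.checkPlain(this.getAttribute('title') || ''); } }))`. Whether the bundled Colorbox version prefers the option over the attribute is not visible in this patch and needs a quick check. The same `.each()` is added in the colorbox_load.js and colorbox_login.js hunks.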
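Review bot: The new `.filter()` predicate in colorbox_inline.js compares raw URL text: `$.urlParam()` returns the `q` value without decoding it and `href` keeps whatever percent-encoding the link was written with, so the `indexOf()` checks only recognise the literal spelling of `/system/files/` and of `settings.file_directory_path`. Decoding before the comparison closes that gap, e.g. `q = decodeURIComponent($.urlParam('q', href));` inside a try/catch that rejects the link on malformed input, and the same for `href`. `q != ''` should also be `q !== ''`. The identical predicate is added in the colorbox_load.js and colorbox_login.js hunks; access to private files should in any case be enforced on the server, with this client-side deny-list only as a second layer.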
@@ -10,7 +10,20 @@ Drupal.behaviors.initColorboxLoad = function (context) { if (!results) { return ''; } return results[1] || ''; }; - $('a, area, input', context).filter('.colorbox-load:not(.initColorboxLoad-processed)').addClass('initColorboxLoad-processed').colorbox({ + $('a, area, input', context).filter('.colorbox-load:not(.initColorboxLoad-processed)').addClass('initColorboxLoad-processed') + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }).colorbox({ transition:settings.transition, speed:settings.speed, opacity:settings.opacity, diff --git a/js/colorbox_login.js b/js/colorbox_login.js index 0eb2ec0..bc1b054 100644 --- a/js/colorbox_login.js +++ b/js/colorbox_login.js 
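Review bot: The `.filter()` predicate here is a byte-for-byte copy of the one added in colorbox_inline.js and colorbox_login.js, the `.each()` title rewrite is repeated from colorbox.js and again in colorbox_login.js, and `$.urlParam` is assigned onto the shared jQuery object in each file. A security check is worth a single definition: move the predicate into one function loaded before the behaviors (for example `Drupal.colorboxIsAllowedUrl = function (href, settings) { … }`, the name is only a suggestion) and call `.filter(function () { return Drupal.colorboxIsAllowedUrl(this.href, settings); })` in each place, so a later fix cannot land in only some of the copies. A one-line comment above the filter saying what it rejects and why, e.g. `// Only open same-site links that do not point into the public or private files directories.`, is missing in all three.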
@@ -4,7 +4,26 @@ Drupal.behaviors.initColorboxLogin = function (context) { if (!$.isFunction($.colorbox)) { return; } - $("a[href*='/user/login'], a[href*='?q=user/login']", context).colorbox({ + var settings = Drupal.settings.colorbox; + $.urlParam = function(name, url){ + var results = new RegExp('[\\?&]' + name + '=([^&#]*)').exec(url); + if (!results) { return ''; } + return results[1] || ''; + }; + $("a[href*='/user/login'], a[href*='?q=user/login']", context) + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }).colorbox({ initialWidth:200, initialHeight:200, onComplete:function () { Loading
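Review bot: Unlike the other behaviors, this selector has no `…-processed` guard, so each time the behavior is attached to a context containing the login link the `.each()` callback escapes the already-escaped `title` again (`&` becomes `&amp;`, then `&amp;amp;`) and `.colorbox()` is bound again. Adding the once-only marker used in the other files fixes that: `.filter(':not(.initColorboxLogin-processed)').addClass('initColorboxLogin-processed')` directly after the selector (the class name follows the pattern of the other files and is a suggestion). The behavior function continues past the end of the hunk, so the remaining `.colorbox({ … })` options were not reviewed.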
common/contrib/colorbox/SA-CONTRIB-2022-007.patch 0 → 100644 +134 −0 Original line number Diff line number Diff line diff --git a/colorbox.module b/colorbox.module index ec9c198..409b84c 100644 --- a/colorbox.module +++ b/colorbox.module @@ -179,10 +179,10 @@ function _colorbox_doheader() { 'slideshowSpeed' => variable_get('colorbox_slideshowspeed', 2500), 'slideshowStart' => variable_get('colorbox_text_start', 'start slideshow'), 'slideshowStop' => variable_get('colorbox_text_stop', 'stop slideshow'), - 'current' => variable_get('colorbox_text_current', '{current} of {total}'), - 'previous' => variable_get('colorbox_text_previous', '« Prev'), - 'next' => variable_get('colorbox_text_next', 'Next »'), - 'close' => variable_get('colorbox_text_close', 'Close'), + 'current' => check_plain(variable_get('colorbox_text_current', '{current} of {total}')), + 'previous' => check_plain(variable_get('colorbox_text_previous', '« Prev')), + 'next' => check_plain(variable_get('colorbox_text_next', 'Next »')), + 'close' => check_plain(variable_get('colorbox_text_close', 'Close')), 'overlayClose' => variable_get('colorbox_overlayclose', 1) ? TRUE : FALSE, 'maxWidth' => variable_get('colorbox_maxwidth', '100%'), 'maxHeight' => variable_get('colorbox_maxheight', '100%'), @@ -208,6 +208,9 @@ function _colorbox_doheader() { ); } + $js_settings['photo'] = TRUE; + $js_settings['file_directory_path'] = '/' . trim(file_directory_path(), '/') . '/'; + $path = drupal_get_path('module', 'colorbox'); $style = variable_get('colorbox_style', 'default'); diff --git a/js/colorbox.js b/js/colorbox.js index b81a547..9af8a1c 100644 --- a/js/colorbox.js +++ b/js/colorbox.js 
@@ -7,6 +7,11 @@ Drupal.behaviors.initColorbox = function (context) { $('a, area, input', context) .filter('.colorbox:not(.initColorbox-processed)') .addClass('initColorbox-processed') + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }) .colorbox(Drupal.settings.colorbox); }; diff --git a/js/colorbox_inline.js b/js/colorbox_inline.js index 44db3d1..45e3c80 100644 --- a/js/colorbox_inline.js +++ b/js/colorbox_inline.js @@ -15,7 +15,16 @@ Drupal.behaviors.initColorboxInline = function (context) { if (!results) { return ''; } return results[1] || ''; }; - $('a, area, input', context).filter('.colorbox-inline:not(.initColorboxInline-processed)').addClass('initColorboxInline-processed').colorbox({ + $('a, area, input', context).filter('.colorbox-inline:not(.initColorboxInline-processed)').addClass('initColorboxInline-processed') + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .colorbox({ transition:settings.transition, speed:settings.speed, opacity:settings.opacity, @@ -38,7 +47,7 @@ Drupal.behaviors.initColorboxInline = function (context) { return $.urlParam('height', $(this).attr('href')); }, title:function(){ - return $.urlParam('title', $(this).attr('href')); + return Drupal.checkPlain($.urlParam('title', $(this).attr('href'))); }, iframe:function(){ return $.urlParam('iframe', $(this).attr('href')); diff --git a/js/colorbox_load.js b/js/colorbox_load.js index 0bb277e..68869f8 100644 --- a/js/colorbox_load.js +++ b/js/colorbox_load.js 
@@ -10,7 +10,20 @@ Drupal.behaviors.initColorboxLoad = function (context) { if (!results) { return ''; } return results[1] || ''; }; - $('a, area, input', context).filter('.colorbox-load:not(.initColorboxLoad-processed)').addClass('initColorboxLoad-processed').colorbox({ + $('a, area, input', context).filter('.colorbox-load:not(.initColorboxLoad-processed)').addClass('initColorboxLoad-processed') + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }).colorbox({ transition:settings.transition, speed:settings.speed, opacity:settings.opacity, diff --git a/js/colorbox_login.js b/js/colorbox_login.js index 0eb2ec0..bc1b054 100644 --- a/js/colorbox_login.js +++ b/js/colorbox_login.js 
@@ -4,7 +4,26 @@ Drupal.behaviors.initColorboxLogin = function (context) { if (!$.isFunction($.colorbox)) { return; } - $("a[href*='/user/login'], a[href*='?q=user/login']", context).colorbox({ + var settings = Drupal.settings.colorbox; + $.urlParam = function(name, url){ + var results = new RegExp('[\\?&]' + name + '=([^&#]*)').exec(url); + if (!results) { return ''; } + return results[1] || ''; + }; + $("a[href*='/user/login'], a[href*='?q=user/login']", context) + .filter(function () { + var href = Drupal.absoluteUrl(this.href), + q = $.urlParam('q', href); + if (q != '') { + q = '/' + q; + } + return Drupal.urlIsLocal(href) && href.indexOf(settings.file_directory_path) === -1 && href.indexOf('/system/files/') === -1 && q.indexOf('/system/files/') === -1; + }) + .each(function () { + if (this.hasAttribute('title')) { + this.setAttribute('title', Drupal.checkPlain(this.getAttribute('title'))); + } + }).colorbox({ initialWidth:200, initialHeight:200, onComplete:function () {